This page was generated on 2024-12-04 from the URL https://astrovials.com/canary.txt
The message block was decrypted using AstroVials' known-good public key.
AsstroVials Warrant Canary, October 14th, 2024
I, Rose, confirm that I am alive, and free, and that I have full control of astrovials.com. I have never willingly disclosed any user data or provided any access to user traffic to any third party. I do not collect user traffic logs and have never been compelled to do so by any third party. I have not disclosed any information of my users, and I have not been forced to modify my website to allow access or data leakage to a third party of any kind.
As of 2024-10-14 no warrants have ever been served to AstroVials or me. No searches or seizures of any kind have ever been performed on AstroVials assets. I have no direct or indirect knowledge of any backdoors, or potential backdoors in my servers or network and I have not received any requests to implement one.
Domain moved from astrovials.co to astrovials.com on January 14th, 2024
Next canary is due January, 2025.
My PGP public key info is as follows:
https://astrovials.com/key.asc
https://keys.openpgp.org/vks/v1/by-fingerprint/B82D318B7EC4351AEF1A79311081838968FC858E
KeyID: 68FC858E
Fingerprint: B82D 318B 7EC4 351A EF1A 7931 1081 8389 68FC 858E
gpg: Signature made Mon 14 Oct 2024 12:25:08 BST
gpg: using EDDSA key B82D318B7EC4351AEF1A79311081838968FC858E
gpg: Good signature from "Rose <rose@astrovials.co>" [full]
A canary is a way for a website owner to signal that something's wrong, like authorities snooping around or taking control of a server.
The site owner posts a message along with a key that can be used to prove it was written by them, and then updates the message periodically. If the owner stops updating the message, then that's a signal that something is wrong.
Nobody can take control of the site for long without people knowing, even if the site owner is legally obliged to remain silent.
# Copy Vannas's public key from the canary page. Save as vanna_public_pgp.asc
# Copy Vanna's message from the canary page. Save as vanna_message_pgp.asc
# Check that Vanna's public key matches the archived copy from January 2023
https://web.archive.org/web/20230123225946/https://vannapharma.com/canary/
# Only import the key if it matches the archived copy. If it doesn't, then RED ALERT!
gpg --import vanna_public_pgp.asc
# Verify the message is authentic according to the key we imported
gpg --verify vanna_message_pgp.asc
# Other commands that are useful
gpg --list-keys # show all keys in local keyring
gpg --lsign-key <name> # sign with your private key to indicate you trust the key
gpg --edit-key <name> # run the 'trust' command to set the trust level you want to give vanna's key
# Note that <name> can be a key id or even 'vanna' will work for us
# The 'other commands' are not necessary, but can remove scary warnings in output